GlobalSign today released findings of its first Quarterly SSL Configuration Evaluation to show how effectively global organizations are implementing SSL to protect their websites.
The evaluation was based on website URLs of organizations that used the GlobalSign SSL Configuration Checker to assess the strength and quality of their SSL configurations. According to the official PR by GlobalSign, the Q1 of 2013 saw over 6,000 sites using the tool to evaluate the effectiveness of their SSL, out of which 269 sites used the remediation guidance provided by GlobalSign to improve and strengthen the security of their sites.
GlobalSign’s SSL Configuration Checker is a tool that offers an overall grade of a website’s SSL configuration, its effectiveness, remediation steps and certificate details.
Organizations who wish to test their SSL’s effectiveness can enter their website addresses and instantly receive a letter grade for their configuration.
Powered by Qualys SSL Labs, the tool evaluates strength and quality of SSL certificates based on a grading system that has three steps:
- The site’s SSL certificate is examined to confirm that it is trusted and valid. If a server fails this step it is automatically given a zero.
- The server configuration is tested in three categories: 1) protocol support, 2) key exchange support 3) cipher support.
- Finally, a score between 0 and 100 is assigned to the site. The grading scale is as follows:
- score >= 80 A
- score >= 65 B
- score >= 50 C
- score >= 35 D
- score >= 20 E
- score < 20 F
“50 percent of 269 websites that used the GlobalSign SSL Configuration Checker strengthened the effectiveness of their SSL configuration grades in 30 minutes or less. Fifteen percent improved from a B, C, D or F to an A grade in less than two hours,” says GlobalSign.
Out of the 269 websites that used the remediation guidance provided by GlobalSign to improve and strengthen the security of their sites, 172 organizations improved their grade to an A overall, 113 organizations improved their F grade to an A, B or C and 95 organizations improved their B grade to an A.
“The improvement in website security is certainly encouraging for us to see, but this is the absolute tip of a very big, fast-moving and dangerous iceberg,” said Ryan Hurst, CTO, GlobalSign.
“Administrators can use the SSL Configuration Checker to greatly improve and remediate the security of poorly configured sites, but it is the awareness of this free and easy tool that we are trying to drive. Both small and large organizations with websites must adopt best practices, but first they have to identify the strengths and weaknesses of their sites’ SSL configuration.”
GlobalSign also evaluated the SSL effectiveness of the Alexa Top 100 websites; 51 % of which received an A, 25 % a B and 5 % scored a C.
For more information on the GlobalSign SSL Configuration Checker, click here.